
How to use SSH for an Internet Connection Sharing Proxy

I haven't made a blog in a long while, so I thought I'd share this, which I recently discovered how to do.

If you find the idea of proxies a bit restrictive, because after all they have to be set up in the applications in question and may not work for some applications, help is here. All you need is an SSH server you can connect to. Sadly, this method requires root, but it's worth having for the system-wide Internet connection you'll get from it.

Authenticating as root

First, make sure you're root on the client machine (sudo -s or su -, depending on your distro), and that you can ssh as root to your target server. This of course has security implications, so it may be a good idea to generate a key pair for root-to-root access and block off password access for root, so that no one can brute-force your root password.

Generate the key pair as root on the client:

client:~# ssh-keygen

And copy the key to the server:

client:~# ssh-copy-id [server]

Test the root login. It should not prompt you for password authentication (unless you've set one in ssh-keygen). Now, to block off password logins, edit /etc/ssh/sshd_config (or /etc/sshd/sshd_config) on the server and make sure this line is present:

PermitRootLogin without-password

Hooray! We're now somewhat more secure!
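
The server-side settings can be checked with a small script. This is an added example, not part of the original post: the function names are made up here, and the PermitTunnel check is an addition (sshd only accepts the ssh -w devices used in the next section when that option allows them, and its default is no). prohibit-password is the current OpenSSH spelling of without-password.

```shell
#!/bin/sh
# Added example: audit the global section of an sshd_config for this setup.
# Assumption: Include files and Match blocks are not followed.

# effective_value FILE KEYWORD: print the first value set before any Match
# block (sshd keeps the first value it reads; keywords are case-insensitive).
effective_value() {
    awk -v key="$2" '
        { sub(/#.*/, "") }                   # strip comments
        tolower($1) == "match" { exit }      # end of the global section
        tolower($1) == tolower(key) { print tolower($2); exit }
    ' "$1"
}

# audit_sshd_config FILE: return 0 only if root is key-only and tun is allowed.
audit_sshd_config() {
    rc=0
    root=$(effective_value "$1" PermitRootLogin)
    case "$root" in
        without-password|prohibit-password)
            echo "OK   PermitRootLogin $root: root needs a key" ;;
        yes) echo "FAIL PermitRootLogin yes: root may log in with a password"; rc=1 ;;
        no|forced-commands-only)
             echo "FAIL PermitRootLogin $root: the plain root key login used here is refused"; rc=1 ;;
        "")  echo "FAIL PermitRootLogin unset: default differs between OpenSSH versions"; rc=1 ;;
        *)   echo "FAIL PermitRootLogin $root: unknown value"; rc=1 ;;
    esac
    tun=$(effective_value "$1" PermitTunnel)
    case "$tun" in
        point-to-point) echo "OK   PermitTunnel point-to-point: layer 3 tun only" ;;
        yes) echo "OK   PermitTunnel yes: works, but also allows layer 2 (tap)" ;;
        *)   echo "FAIL PermitTunnel ${tun:-unset}: sshd will refuse ssh -w tun devices"; rc=1 ;;
    esac
    return $rc
}

# Constructed sample configs, not taken from a real server.
demo() {
    d=$(mktemp -d)
    printf '%s\n' '# constructed' 'permitrootlogin without-password' \
        'PermitRootLogin yes' 'PermitTunnel point-to-point' > "$d/good"
    printf '%s\n' 'PermitRootLogin yes' 'Match User backup' \
        '    PermitTunnel yes' > "$d/bad"
    for f in good bad; do
        if audit_sshd_config "$d/$f"; then echo "$f: ready"; else echo "$f: fix first"; fi
    done
    rm -rf "$d"
}
demo
```

On a real server, run audit_sshd_config against the sshd_config path given above.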

Creating the tunnel

Now to start a tunnel. The -w switch on ssh will do what we need, and create a tunnel network interface on both computers. The first number is the number of the interface on the client, and the second is for the server. For example, 0:1 will create tun0 on the client connected to tun1 on the server. You may specify auto for the next available one. Let's create tunnels called tun0 on both sides to make it simpler.

client:~# ssh -w0:0 [server]

Now, see if your tunnels were set up correctly.

server:~# ifconfig -a tun0

You should see a tun0 interface. This is a layer 3 tunneled virtual interface (point-to-point).

Set up an IP on both sides so each computer can talk to each other.

server:~# ifconfig tun0 10.0.0.1 pointopoint 10.0.0.2

client:~# ifconfig tun0 10.0.0.2 pointopoint 10.0.0.1

Try pinging each side to see if you have a connection.
Once each host can talk to the other, we can set up the routing.

it might mean that you already have a tunnel with that interface name open. Check "ifconfig -a".

I get the message "ping: sendmsg: Operation not permitted" when testing the tunnel connection!

You didn't allow traffic to flow between the tunnel and local network device. Try turning the client firewall off.

The connection is slow!

There will be significant overhead, as all the traffic is encapsulated into SSH and encrypted. You will also see latencies go up, as traffic additionally needs to travel from your client to your server and back.

Did you know that Android devices expose a modem on the USB interface, even when "Tethering" is turned off? It appears like this in dmesg:

[22338.529851] cdc_acm 1-3:1.1: ttyACM0: USB ACM device

You can connect to this as a raw serial console like: screen /dev/ttyACM0 or: minicom -D /dev/ttyACM0

This will accept GSM modem commands prefixed with AT, and give information about the phone, and presumably allow a dialup-like interface.
Many of the examples on M2MSupport.net will work with the phone, depending on which manufacturer and capability set, presumably. With my Samsung Galaxy XCover 4, I got the GSM capability set.
Try playing around with this, but don't get charged by your provider too much for making calls you never end! Make sure you hang up properly as per the protocol.
For more on standard modem commands, see the Hayes command set article on Wikipedia.
That's all for now!